Case Summary
Veesion, a French company, developed software for CCTV cameras designed to detect suspicious behavior through algorithmic image processing. This software gained popularity among retailers for monitoring their premises. However, the French Data Protection Authority (CNIL) determined that the software violated the GDPR, particularly the right to object under Article 21, and notified the company of its findings. The CNIL also indicated that Veesion’s clients needed to be informed of the investigation’s outcome.
In response, Veesion disputed the CNIL’s legal interpretation, arguing that the right to object did not apply to the data processing conducted by their software, citing Article R. 253-6 of the Code of Internal Security. The company then appealed to the French Supreme Administrative Court (Conseil d’Etat) to halt the enforcement of the CNIL’s decision.
The court dismissed Veesion’s appeal, ruling that the software did not fall under the protection of Article R. 253-6, which applies only to specific types of CCTV related to national security and public safety. The court found no other grounds to suspend the CNIL’s decision or exempt the software from compliance with the law. As such, the French Supreme Administrative Court upheld that using a video surveillance system with real-time suspicious behavior detection violates Article 21 of the GDPR and cannot be justified by a national law exemption.
Access to the full judgment
Further notes on contested technology
- → AI Technology
- → The technology is deployed
Additional resources
Author of the case note
